Reports are emerging that hackers have managed to steal $2.3 million from the Trump reelection campaign with a series of phishing and fake invoice scams that duped officials in the Trump reelection team.
News that hackers were able to net $2.3 million from the Trump reelection campaign with fake invoices was confirmed by the Republican Party yesterday, who said the most recent hack puts the incumbent president at a disadvantage for next week’s election.
Andrew Hitt, the sitting Republican chairman of Wisconsin – a key battleground state – has issued a statement saying that “cybercriminals, using a sophisticated phishing attack, stole funds intended for the re-election of President Trump, altered invoices and committed wire fraud.”
“These criminals exhibited a level of familiarity with state party operations at the end of the campaign to commit this crime,” adding that “there’s no doubt RPW – Republican Party Wisconsin – is now at a disadvantage with that money being gone.”
The hackers were able to dupe and steal $2.3 million from the Trump campaign after exploiting their system with a phishing campaign and a subsequent series of invoice scams that fooled Trump campaign officials into thinking they were paying legitimate vendors for their services, such as the manufacturing of Trump hats.
The Republican party has reported the hack to the FBI and has launched its own investigation into the fake invoice scams and phishing campaigns that netted hackers $2.3 million of Trump’s reelection campaign.
Reports state that hackers knew the inner workings of the Republican party and were able to gain access to their network via a series of phishing campaigns. The hackers then modified a number of invoices from four suppliers of merchandise, adding their own details to the invoices which were paid into the hacker’s accounts.
Invoice scams such as these are commonplace for hackers to gain money from organisations that have been duped into paying what they believed was a legitimate invoice to a trusted customer or supplier, when in reality, they are actually paying the hackers directly.
One of the best ways to combat phishing campaigns and the potential of being targeted with fake invoices like this particular attack is with the implementation of an Information Security Management System like ISO 27001.
They’re known as business email compromise – BEC – attacks, where hackers will disguise themselves as a client or supplier for an organisation. According to a report from CNET, “Google and Facebook lost more than $100 million in a scheme from 2013 to 2015 to a Lithuanian man posing as a computer hardware company.”
To make things worse for President Trump, the latest news comes just days after we reported that hackers successfully targeted Trump’s campaign website and posted their own messages on the site.
A spokesperson for the Republican party, Alec Zimmerman has said that another GOP account for state and local campaigns was left unnoticed by the hackers, and that no voter information was accessed in the initial data breach.
Zimmerman did concede, though, that the hack of more than $2.3 million from Trump’s reelection campaign was “devastating,” adding that “anytime you lose $2.3 million, I think that’s probably an accurate way to describe it.”
Wisconsin Republican chairman Andrew Hitt has said that “while a large sum of money was stolen, our operation is running at full capacity with all the resources deployed to ensure President Donald J. Trump carries Wisconsin on November 3rd.”
A report from the AP quotes Matt Rothschild, leader of the independent campaign finance monitoring group, Wisconsin Democracy Campaign, who said the hack is “certainly embarrassing” for the Republican party.
“It’s got to hurt them and their ability to function at this crucial moment,” Rothschild said, adding that “I can’t see any upside for them in this matter.”
It is too early to tell definitively whether or not the fake invoices were launched against Trump’s reelection campaign for purely political reasons, or whether they were simply for financial gain.